HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure

High severity, Nessus Plugin ID 69283

Synopsis

The remote printer is affected by an information disclosure vulnerability.

Description

The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/dev/save_restore.xml' contains a hexadecimal representation of the administrative password. This information can be used by an attacker in further attacks.

Solution

Update the printer's firmware or disable file system access via the PostScript interface.

See Also

http://www.nessus.org/u?6839c51c

http://www.nessus.org/u?08935147

Plugin Details

Severity: High

ID: 69283

File Name: hp_laserjetpro_saverestore_pwd_disclosure.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 8/9/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2013-4807

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Required KB Items: www/hp_laserjet/pname

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/26/2013

Vulnerability Publication Date: 7/31/2013

Reference Information

CVE: CVE-2013-4807

BID: 61565

IAVB: 2013-B-0080